Why is Apple’s iOS logging location information? [Updated]

Today, a pair of researchers in Santa Clara, Calif., reported that Apple’s iPhone and 3G iPads maintain a log file with location data. The file, which is in unencrypted form and stored both on the device and in the iTunes backup on a user’s computer, contains both location and time information.

The logging process has been around since iOS 4.0 was released, the researchers said, and the file is generated when that version or later of Apple’s mobile OS is installed on any phone. Through the syncing process, the file is passed on to upgraded phones. For example, I first installed iOS 4.0 on an iPhone 3G, and the tracking information gathered on that phone was carried over to the iPhone 4 I bought last year.

Using the iPhone Tracker program, I grabbed this screen shot that shows my movements around South Texas:

And here you can see my tracked locations around Houston:

The location information is not precise – it’s drawn from cell tower triangulation, rather than GPS data. A cell phone is constantly talking to the cell towers around it, but a phone’s GPS is not always on.

The researchers stress that there’s no indication this data ever leaves the phone or the iTunes backup file, but they rightly express concern that it’s maintained in an insecure format that anyone could read. The iPhone Tracker application is meant to show how easily the data could be grabbed from iTunes on a user’s computer.

The file can be secured on a computer by encrypting the iPhone backup. Connect your iPhone or 3G iPad to the computer and launch iTunes. Click on the name of your device as it appears in the left column, then click the Summary tab. Check the box that says "Encrypt iPhone backup", and apply a password.

However, the file remains in an unsecure format on the iPhone or 3G iPad. Someone with access to the device could, in theory, gain access to the file.

Apple is actually doing this with its users’ consent. Permission to gather information based on location appears deep within Apple’s privacy policy, something most users never read. The relevant section is found under "Collection and Use of Non-Personal Information":

We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising.

So why would Apple keep this kind of data? Andy Ihnatko, tech columnist at the Chicago Sun-Times, has a theory:

This database isn’t storing GPS data. It’s just making a rough location fix based on nearby cell towers. The database can’t reveal where you were…only that you were in a certain vicinity. Sometimes it’s miles and miles off. This implies that the logfile’s purpose is to track the performance of the phone and the network, and not the movements of the user.

That makes sense, though if Apple is using it in this way, why isn’t the data leaving the phone? Or maybe the data is being used for this purpose, but reporting signal quality back in a different way.

Finally, I would not be surprised if other smartphones don’t also keep location data, for a variety of reasons. Google’s privacy policy for Android includes these provisions: [See Update 4.0]

Location data – Google offers location-enabled services, such as Google Maps and Latitude. If you use those services, Google may receive information about your actual location (such as GPS signals sent by a mobile device) or information that can be used to approximate a location (such as a cell ID).

I’ve e-mailed Apple asking for an explanation. So far, I’ve not gotten an answer.

Update: The data in the log file clearly shows not where an iPhone user was, but what cell towers were accessed. If you zoom in to street level in the iPhone Tracker app, you can see the area’s cell tower grid. [Update: And maybe not. See below.]

Update 2.0: Commenter John makes a good point. The grid is too evenly spaced to be precise cell tower locations, and there are dots where I know there are no towers. John suggests:

Its quite possible that the grid is where the tower triangulation rounds its numbers to. If it always rounds to a certain precision and you drive through an area it will look like that.

Still, looking at the resulting grid can give you a feel for cell tower placement. For example, there’s a notorious dead spot for AT&T users on Memorial Drive, around Glenwood Cemetery and the police officers’ memorial. I drive by there every day, but if you zoom in on the iPhone Tracker’s map, you’ll see there are no data points around that location.

Update 3.0 | 4.21.2011: An expert in iOS forensics says the location log file is not new, is routinely used as part of the iPhone/iPad’s location-based services and wasn’t just "discovered." Alex Levinson says he wrote about it in an e-book published last year.

Levinson’s key points:

• Apple isn’t "collecting" the data, as the original researchers allege, because the data never leaves the phone.

• It’s used "all the time" by other software programs on the iPhone, such as the Maps and Camera apps.

• It was in earlier versions of iOS, but in a different format and location. It was changed in iOS 4 because of the Multitasking and Background Location Services feature in that version of the operating system. The operating system lets you disallow location-services access to specific applications when you run them, but the phone is always generating the file for use by those apps that do have access.